In April 2024, Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system.
An attacker could create an exploit to escape the App Sandbox without user interaction required for any sandboxed app using security-scoped bookmarks. With the ability to run code unrestricted on the affected device, attackers could perform further malicious actions like elevating privileges, exfiltrating data, and deploying additional payloads. Microsoft’s Threat Intelligence research demonstrates that these exploits would need to be complex, and require Office macros to be enabled, in order to successfully target the Microsoft Office app. Similar to our discovery of another sandbox escape vulnerability in 2022, Microsoft researchers uncovered this issue while researching potential methods to run and detect malicious macros in Microsoft Office on macOS.
Read more…
Source: Microsoft
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Mitigating the Latest Vulnerability (CVE-2024-5008) in Progress WhatsUp Gold
August 6, 2024
The SonicWall Capture Labs threat research team became aware of an arbitrary file upload vulnerability in Progress WhatsUp Gold, assessed its impact and developed mitigation measures. WhatsUp Gold is a software that monitors every connected device in the network, providing visibility into the IT infrastructure. It also has the functionality to swiftly pinpoint and resolve issues ...
- SonicWall Discovers Second Critical Apache OFBiz Zero-Day Vulnerability
August 5, 2024
The SonicWall Capture Labs threat research team has discovered a pre-authentication remote code execution vulnerability in Apache OFBiz being tracked as CVE-2024-38856 with a CVSS score of 9.8. This is the second major flaw SonicWall has discovered in Apache OFBiz in recent months, the first coming in December 2023. This time, a flaw in the override ...
- Chinese cyber attack sparks alert over six year old MS vuln
August 5, 2024
The United States Cybersecurity and Infrastructure Security Agency (CISA) has added a Microsoft vulnerability dating back to 2018 to its Known Exploited Vulnerabilities (KEV) catalogue after evidence emerged that it is being used in an attack chain by the China-backed APT41 advanced persistent threat group. CVE-2018-0824 was first addressed by Microsoft in the May 2018 Patch ...
- Report finds Apple devices fare the worst when it comes to full takeover risks
August 1, 2024
A worrying number of environments are vulnerable to complete takeover via escalated privileges, a new report from Picus Security has found. Environments were tested in simulated attacks, with the average organization managing to defend against 7 out of 10 attacks, but considering the constant threat presented by organized cybercrime groups, this leaves a serious margin for potential ...
- Identifying a BOLA Vulnerability in Harbor, a Cloud-Native Container Registry
July 31, 2024
In a recent audit of open-source web applications, threat researchers from Unit 42 have identified a broken object-level authorization (BOLA) vulnerability that impacts Harbor versions prior to 2.9.5. Harbor is a widely used cloud-native container registry that plays a role in cloud environments by hosting container images and providing features such as role-based access control (RBAC), ...
- The Proliferation of Cellular in IoT
July 30, 2024
Analysis of Cellular Based Internet of Things (IoT) Technology is a new whitepaper co-authored by Rapid7 principal security researcher Deral Heiland and Thermo Fisher Scientific lead product security researcher Carlota Bindner. In this new research, the authors dive deep into the fairly recent uptick in the use of cellular communications in IoT-based devices like GPS trackers ...